69bb996afd22744d88ed030f1ff94bef0bbfa9316938c4b2b5491f818ccf0f56

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 16:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

10f261ef5bf4a6d82bb7713518d3124b_JaffaCakes118.html
Size

214KB
MD5

10f261ef5bf4a6d82bb7713518d3124b
SHA1

337dd35e3fe96c0d5fc2f248e5b360c5fc10ee31
SHA256

69bb996afd22744d88ed030f1ff94bef0bbfa9316938c4b2b5491f818ccf0f56
SHA512

9f88525dc59232fc6adf52f8e26728d14792e1535633ce46ae88caefd4f4ff4f703ebd9563b20001681f021aa96edd4521ba51a2ec8ac5ca20395071622a7683
SSDEEP

3072:2rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJG:uz9VxLY7iAVLTBQJlG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
2916	msedge.exe
2916	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 4968	2916	msedge.exe	81
PID 2916 wrote to memory of 4968	2916	msedge.exe	81
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 60	2916	msedge.exe	82
PID 2916 wrote to memory of 1980	2916	msedge.exe	83
PID 2916 wrote to memory of 1980	2916	msedge.exe	83
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84
PID 2916 wrote to memory of 540	2916	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10f261ef5bf4a6d82bb7713518d3124b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccfeb46f8,0x7ffccfeb4708,0x7ffccfeb4718
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4602222763748298173,8841859454524958920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4602222763748298173,8841859454524958920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4602222763748298173,8841859454524958920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4602222763748298173,8841859454524958920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4602222763748298173,8841859454524958920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4602222763748298173,8841859454524958920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac8776d73c90362c68ced5aa6f5f1ef1

SHA1
949b212de01db719e6c02e299bca695e929bc1cd

SHA256
f3f30cd3639887ac859e0f72b35637efca41de827d3fe788098ac68e4e59cc38

SHA512
4da5df92cceeb1b925109772a681c39545359690776c3543b1a367ba103f5f44ab46daa4be21f423264a5ca4e955a228cc80114ca15a11499ae7c47eb49b1b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5271243e6bb5f6d6aa5bba245d89d841

SHA1
11c919b112c49f5d9bc17148f4aa80bea2124de8

SHA256
e2c88ea01ae93d65c0e2124e2ab2c94194d28005b8a9d6b03310a87941c9f09b

SHA512
425f944b52953ffbb56a7b009bab4d5e56c907d1fa74c59bd5945016989846d8b4db968a98791ba2807d7f0e761fb260bc6627a94d90b2e0e78831265ad646ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
071093e948aef9a9ba3fe9fa1b60284d

SHA1
f447b647143176d7a5c57a903375324d4e373f56

SHA256
27a07a8feb49a2d4c7e4726faf4858582cdf7581dcd98a9ca78b4d23fc2383ac

SHA512
2e1c21ea990d990ff60f1c5889a4eeb71facd56fa933521355024cc33dc0c583d357695f1b89fbefb154494b84b4abd8a8f85bebdd9d8e0dc81b943be8481959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89d5e5ac3f65d6d1cb732482cad01cce

SHA1
6932faea4dc85b23c21db24190aa76b4a4b1ac5c

SHA256
6a9aa18be96e427dca1e408d3c7969d9859ccd6485b77d4ef10f0d0b374d040b

SHA512
7257e2e26a32055e73391191ac4dfaaaee352cf8fea99d90dbf5ae70391c67fb68c22f1d265ce811ec39e02a26998bba8fc2bb17310c72713826f0ac87ab427d

Download Submit